[ale] OT: the Penny Black anti-spam proposal

ChangingLINKS.com groups at ChangingLINKS.com
Sat Dec 27 13:44:20 EST 2003


On Saturday 27 December 2003 08:51, Geoffrey wrote:
> ChangingLINKS.com wrote:
> >> You're willing to continue to let all that bandwidth be wasted?
> > 
> > Yes. For some time (see below). Oh, by the way, exactly how much
> > "bandwidth" is being wasted?
> 
> Estimates indicate that it's over 70% of all email.

. . . good. A percentage. Now to make that number mean something, please give 
me the estimate of how much email is sent. How much email compared to 
downloading? 
Your position is more SPAM is sent that downloads. Let's take me for example. 
I know that I have downloaded Suse 9.0, 8.2, 8.1 each 3 times over since I 
have lived here. Further, I have downloaded music. You know, the "college" 
type of download where you just let gnutella run for hours and even days. I 
have ftped website files and my database back and forth several times.
Is you position that I still have more spam bandwidth than downloading?
I do have one of the most spammed email addresses on the net, but I sincerely 
doubt it reaches gigabytes of spam. How many gig of spam did you receive?

> 
> > How (and how much) does it impact your
> > ability to surf or use the Internet?
> 
> That's not the issue.  Wouldn't you like to have a $10 dsl connection? 
> Don't you understand that the infrastructure of the internet must 
> support the wasted bandwidth, and is in turn showing up in the costs of 
> services?

NO. I don't. Here your position seems to imply that bandwidth is sent via UPS. 
For each packet they sent, there is a cost. Lowering the bandwidth is NOT 
lower the price. 
<sarcasm>Man, my Roadrunner bill was HIGH this month, gotta cut down on all 
that spam and downloading. Bummer!</sarcasm>
You seem to be living back in the days where bandwidth was sooo very precious, 
and people paid by how much time they were logged on, while only being able 
to transfer 14.4.
Further, you position seems to imply that they set up more lines just to 
handle spam bandwidth and that translates directly to cost.
The internet could not be anything like my LAN could it? 
<sarcasm>I was just telling the wife today to cut down on using NFS because 
she is wasting bandwidth, and I am going to have to lay some bigger pipes in 
here. I went to the store to find cable that can handle 1 gig bandwith per 
seccond, 2 gig bandwidth per second, 3 gig . . . . I think I will go with the 
2 gig wire.</sarcasm>

How much bandwidth is used overall?
Exactly how much spam bandwidth is used over and above other bandwidh?
Where do you buy cable/servers/infrastructure that can't handle THAT 
(specific) difference in bandwidth?

> 
> > How much bandwidth does spam use as compared to illegal downloads?
> 
> A much greater amount I assure you.  I completely understand that 
> 'illegal downloads' are generally binary and larger then the average 
> spam email.  But, the spam volume greatly exceeds 'illegal downloads' 
> when it comes to bandwidth.

Support that please. 
I mean, we have all heard of the stories where colleges have hand problems 
with download bandwidth: http://cms.simons-rock.edu/faq/node12.html

Oops:
http://www.macalester.edu/infoplan/archived/draft-bandwidth-policy.html
I quote: "An e-mail interchange or Web surfing session is scarcely measurable. 
File sharing programs, however, consume a huge amount of bandwidth."

Is your position that colleges are exempt from spam?

> 
> >> It could be put to such good use.
> > 
> > Like? (I am not being a smart *ss I am really curious as to whether
> > spam email is "using bandwidth" to a degree that has kept the
> > bandwidth from being used to do the more productive X - WHILE there
> > is not enough bandwidth to go around. From my chair, I have not
> > observed it - while I have observed DDoS attacks and the like, and
> > can clearly see the damage inflicted.).
> 
> The issue is, YOU AND I are paying for spam whether you realize it or 
> not.  Would you like to start paying for US mail you receive, even 
> though you have absolutely no interest in it?

You failed to answer the question. Again, I ask "Like?"

> >> The solution should be at the other end of the pipe, not at the
> >> receiving end.
> > 
> > 
> > No. The solution should be at both ends (see below).
> 
> No, if you have a working solution at the beginning of the pipe, there's 
> no need for one at the receiving end.

For reasons I stated before, your solution was not good for the beginning of 
the pipe. You also fail to acknowlege that spammers are innovative. You fail 
to see that a spammer can simply create a virus to send email from victims 
machines and skip the "pay-to-send" model you suggested. What of that?

> And you don't think the ISP is paying for the bandwidth usage now?  ISPs 
> already bill their customers, further, they track bandwidth.  It's not 
> that difficult for them to start billing by usage.

Great. Bill me for usage as I download spam. Thank you.
That is so much better than using a software solution. BY the way, I would 
like to note here that many ISPs ARE using "spamassasin" style solutions now.
Hmmm. I wonder why they didn't just go to the pay for bandwidth model.

> All I've got to say about spamarrest is:
> 
> http://static.samspade.org/spamarrest.html

All I have to say in there defense is what they said. I didn't know they had 
an opt out list. I will gladly use it. Currently, I have a filter that simply 
blocks the single email they send after a verfication. No big deal.

> > How, you ask?
> > 
> > What fuels spam is $ and volume. If "everyone" started using
> > spamarrest, the spammers would have to verify each email they send BY
> > HAND. Wouldn't that reduce the effectiveness of spam in general? 
> > Next, once the "verified" spam got through, the receiver could easily
> > ban the sender, and even set more criteria, thus effectively closing
> > the pipe line. Wouldn't that reduce the effectiveness and volume able
> > to be received?
> 
> I prefer a solution that does not impact the spammed.  I shouldn't have 
> to tell you to stop sending crap I don't want.

You don't seem to know how spamarrest works. (and how easily it can be 
implemented client side). Spamarrest is just like screening your calls - 
without having to listen to the answering machine. Is this too much burden - 
as opposed to receiving a bill for every email you sent - and every email 
your computer sent from the virus that the spammer put on your computer?

> > Once you reduce the effectiveness of spam enough, you can raise the
> > cost beyond what is profitable. You have recognized earlier that the
> > solution I have supported works at the receiving end. Now, hopefully
> > you can see how it works effectively at the sending end.
> 
> See my previous comments regarding spamarrest.

Right. That's the winner's attitude! Throw out the entire spamarrest METHOD 
because they send a SINGLE email after verification. Once you get over that 
single email (or acknowlege the fact that I showed an even better solution 
than spamarrest that you omitted from your reply) you will see the above 
paragraph still has merit.

> > 3.  the ISP scrambles to count
> > and charge for each email sent. (By the way, where does that money
> > go? To the ISP? To some Great Email God in the Sky? If not to the God
> > - what keeps an ISP from simply marketing/ saying "Oh yeah, and we
> > don't charge to send email like those other ISPs").
> 
> To the ISP, who in turn, rewards the REAL customer with lower rates.

Lower rates - while simultaniously charging money for sending email? Perhaps I 
don't understand your idea, but I thought you said CHARGE customers for each 
email sent. Further, you didn't answer the more important question of making 
sure that all ISPs use the method (otherwise customers will flock to the ISPs 
that are currently using the FREE spamassisin method - which I bet has a 
lower cost to boot).

I assume that you saw the validity in the explainations that you left 
uncommented. Any of those held separately is a good reason why the 
pay-to-send model is not as good a solution. To wit:

> > 4. Regardless of the product being sold and it's margin or ROI, a
> > spamarrest type of system will strangle the lifeblood of spam -
> > volume AND reduce profit for the spammer simultaniously. 
>>AND, The solution also defends against spam sent via virus.
-- 
Wishing you Happiness, Joy and Laughter,
Drew Brown
http://www.ChangingLINKS.com



More information about the Ale mailing list